# vsftpd.pm
# Copyright (C) 2006, 2007 Stephane Alnet
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
# 

#
# For more information: http://carrierclass.net/
#

package CCNv2::Provision::Application::vsftpd;
use strict; use warnings;
use CCNCore::Provision::Base;
use base qw(CCNCore::Provision::Base);
use CCN::Text;
use CCNCore::Scripting;
use CCNCore::Home;

sub run()
{
    my $self = shift;
    return if $self->p->force_manager;

    $self->PACKAGE ('vsftpd');
    $self->CHECKFOR ('/etc/init.d/vsftpd');
    $self->CHECKFOR ('/usr/sbin/');

    # Should FTPd be enabled?
    return $self->disable('vsftpd')
        unless $self->p->is_a_file_server;

    $self->enable('vsftpd');

    # Make it an UPGRADE process -- polycom-adduser is clever enough to figure out
    # it was already ran.
    if($self->upgrading)
    {
        CCN::Scripting::exec_command(CCNCore::Home::manager.q(/lib/CCNv2/bin/bootstrap/polycom-adduser.sh));
    }

    # The following files could be static. The first one should be checked for location
    # but that's about it.

    # This file is /etc/vsftpd.conf on Debian, /etc/vsftpd/vsftpd.conf on RH-base
    my $filename;
    $filename = '/etc/vsftpd.conf'        if -e '/etc/vsftpd.conf';
    $filename = '/etc/vsftpd/vsftpd.conf' if -e '/etc/vsftpd/vsftpd.conf';
    $self->warn ('Cannot find vsftpd.conf, is vsftpd installed?')
        if not defined $filename;

    CAT $filename, <<'EOT';
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=NO
anon_mkdir_write_enable=NO
dirmessage_enable=NO
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
ls_recurse_enable=NO
# Debian's
secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
# RH's
tcp_wrappers=YES
userlist_enable=YES
EOT

    IF_CHANGED $filename => '/etc/init.d/vsftpd restart';

    CAT '/etc/vsftpd.ftpusers', <<'EOT';
# Users that are not allowed to login via ftp
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
EOT

    CAT '/etc/vsftpd.user_list', <<'EOT';
# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd.ftpusers
# for users that are denied.
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
EOT

    # ZZZ Per MAC address (?) boot file for Polycom phones.

}
1;
